In this digital era, secure passwords are vital to protecting your personal information. They are not a complete defense, but at least you will have done your part. At times the fault lies with the service providers themselves, whose breaches leak your credentials. According to a study by Google, however, hacking from the client end has evolved to use ‘password-spraying’ attacks.
The password-spraying technique involves hackers gathering a large number of accounts (usernames) and then trying to log in to each with a few commonly used passwords, on the expectation that some of the targeted users may still be using one of them.
Google wanted to find out why hackers these days rely on ‘password-spraying’ attacks rather than the normal brute-force approach (guessing passwords) against online accounts. The company found that most people don’t change their passwords even after being warned that they have been compromised.
The research was carried out on the 670,000 users who have installed Chrome’s Password Checkup extension. The extension relies on Google’s database of four billion credentials that have been leaked in the past, and warns users to change their password if their credentials match the compromised ones.
From the study, Google found that 25.7% of its alerts, totaling 81,368, did not trigger a password change. On the other hand, only 26.1% of alerts, totaling 82,761, resulted in a password change. Over 60% of the changed passwords were found to be secure against guessing attacks, with 40% still being vulnerable.
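On the defending side, the pattern described above shows up in authentication logs as one source failing against many usernames with only a few attempts each, which is what separates it from brute force against a single account. The following is an added example, not code from Google's study or from this article; the event format, IP addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, username, outcome).
# 203.0.113.7 tries many accounts once each (spray pattern);
# 198.51.100.9 hammers a single account (classic brute force);
# 192.0.2.44 is a user who mistypes a password once.
SAMPLE_EVENTS = (
    [("2024-01-01T10:%02d:00" % i, "203.0.113.7", "user%02d" % i, "FAIL") for i in range(12)]
    + [("2024-01-01T10:%02d:30" % i, "198.51.100.9", "alice", "FAIL") for i in range(12)]
    + [("2024-01-01T10:05:10", "192.0.2.44", "bob", "FAIL"),
       ("2024-01-01T10:05:40", "192.0.2.44", "bob", "OK")]
)

def classify_sources(events, window=timedelta(minutes=30),
                     min_users=10, max_per_user=3, brute_min=10):
    """Label each source IP as 'spray', 'brute-force' or 'normal'.

    Thresholds are illustrative assumptions, to be tuned per environment.
    """
    failures = defaultdict(list)
    for ts, src, user, outcome in events:
        if outcome == "FAIL":
            failures[src].append((datetime.fromisoformat(ts), user))
    verdicts = {src: "normal" for _, src, _, _ in events}
    for src, rows in failures.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink from the left so the slice spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in rows[start:end + 1]:
                per_user[user] += 1
            # Spray: many accounts, only a few guesses against each.
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                verdicts[src] = "spray"
                break
            # Brute force: many guesses against one account.
            if max(per_user.values()) >= brute_min:
                verdicts[src] = "brute-force"
                break
    return verdicts

if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(SAMPLE_EVENTS).items()):
        print(src, verdict)
```

Per-account lockout counters alone miss the spray source here, because no single account sees more than one failure from it.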
Google also discovered that 94% of the changed passwords were stronger than the old ones, even though 40% of these are guessable.
How to Check if your Credentials have been Leaked in a Data Breach
There are various methods that you can use to perform this check.
1. By Using “Have I Been Pwned”
This website lets you check if your email account has been compromised in a data breach. It is easy to use, and you don’t need to sign up to check.
2. Google’s Password Checkup extension
This extension is available on Google Chrome. When you are on a website’s login page, Password Checkup analyzes your credentials and warns you if they are among the four billion that Google knows have been compromised.
3. Firefox Monitor service
You can also check if your email has been leaked in a breach using Firefox Monitor. For instance, I just found out that one of my email addresses has been involved in a data breach on 9th August. The service is similar to “Have I Been Pwned.” You can also sign up to receive alerts on security issues related to your email address(es).